Slashdot Mirror

← Back to Stories (view on slashdot.org)

WPA Encryption Cracked In 60 Seconds

Posted by timothy on from the nicholas-cage-has-an-alibi dept.

carusoj writes "Computer scientists in Japan say they've developed a way to break the WPA encryption system used in wireless routers in about one minute. Last November, security researchers first showed how WPA could be broken, but the Japanese researchers have taken the attack to a new level. The earlier attack worked on a smaller range of WPA devices and took between 12 and 15 minutes to work. Both attacks work only on WPA systems that use the Temporal Key Integrity Protocol (TKIP) algorithm. They do not work on newer WPA 2 devices or on WPA systems that use the stronger Advanced Encryption Standard (AES) algorithm."

7 of 322 comments (clear)

  1. Re:Cool by MooseMuffin · · Score: 5, Insightful

    You'll be able to provide more free wireless too!

  2. Re:Secure protocols for home wifi? by Mad+Merlin · · Score: 5, Insightful

    Wired ethernet. Not only is it vastly more secure, it's also an order of magnitude or two faster than wireless.

    --
    Game! - Where the stick is mightier than the sword!
  3. Re:Secure protocols for home wifi? by pantherace · · Score: 4, Insightful

    I challenge you to show me a consumer available wireless that actually runs at 1 gigabit.

  4. Re:How does the VPN help? by NitroWolf · · Score: 4, Insightful

    Are you *positive* that the VPN connection is uncrackable? If it's going over wireless, then if someone is recording the cyphertext, they will be able to recover the VPN cyphertext out of the WPA cyphertext. If they then know of a way to recover the 'cleartext' from the VPN cyphertext, then you are still leaking your data. If the VPN system is so secure, why aren't we using it for the wireless connection? That is, make the wireless network a VPN using the same algorithms you use for your VPN?

    While I am not commenting on the security or lack of security in a VPN connection, I believe I can answer this. The simple fact is, most routers can't handle the encryption load of a full blown VPN, especially one with multiple users. Even dedicated routers that are made to handle this can only handle 5 or 10 at a time until you start plopping down the big bucks for the serious VPN routers.

    So using VPN level of encryption on a home router is not going to happen until processing power is increased dramatically on the cheap CPUs they use.

  5. Re:The rat race continues.. by Lord+Ender · · Score: 4, Insightful

    Actually, it is a mathematical fact that OTP is perfectly unbreakable. P=NP doesn't enter into it.

    --
    A slashdotter who didn't build his own computer is like a Jedi who didn't build his own lightsaber.
  6. Re:The rat race continues.. by gclef · · Score: 4, Insightful

    Oh, fer crying out loud, if you're going to use wikipedia notation, at least *check* wikipedia first:

    The Vernam-Mauborgne one-time pad was recognized early on as difficult to break, but its special status was only established by Claude Shannon some 25 years later. He proved, using information theory considerations, that the one-time pad has a property he termed perfect secrecy; that is, the ciphertext C gives absolutely no additional information about the plaintext

  7. Re:The rat race continues.. by JoshuaZ · · Score: 4, Insightful

    The original question was "The question is can anything be secure in the long term if an attacker can monitor the conversation between alice and bob 24/7?" Presumably then you eventually run out of one time pads. OTP is secure iff you have either a shared source of randomness or have some other secure channel to transmit the material. And if you have a shared source of randomness you need then to have that source somehow secure. There are good reasons we don't use one time pads on a daily basis.